# Privacy Policy

> How ScrollLaunch collects, uses, shares, and protects your personal data — plus your rights under GDPR, CCPA, and India's DPDP Act.

```yaml
url: "https://www.scrolllaunch.com/privacy"
last_updated: 2026-04-24
effective_date: 2026-04-24
operator: ScrollLaunch
jurisdiction: "Rajasthan, India"
governing_law: India
contact: "kalashvasaniya@gmail.com"
```

## Summary

- We use **Google OAuth** (via NextAuth) for sign-in. We never see your password.
- We use **Datafa.st** for cookie-free, GDPR-compliant analytics — no cross-site tracking, no third-party fingerprinting.
- We use **Dodo Payments** for payments. Card details never touch our servers.
- Maker product content (name, tagline, description, logo, website URL) is **intentionally public** — that's the whole point of the Service.
- We do **not** sell your personal data. Ever.

## Data controller

The data controller is ScrollLaunch, reachable at kalashvasaniya@gmail.com. We respond to data-subject requests within 30 days.

## Data we collect

**Account data (from Google OAuth):** your name, email address, profile picture URL, and a stable Google account identifier.

**Product / launch data (you submit):** product name, tagline, description, logo, screenshots, video URL, website, social handles, categories, tags, pricing info, target audience, problem/solution copy, FAQ entries, alternative-to mentions, launch week.

**Engagement data:** upvotes you cast, comments you write, products you visit, badges you earn, weekly rankings.

**Payment data (via Dodo Payments):** transaction IDs, amounts, currencies, status. We never see card numbers, CVVs, or banking credentials.

**Analytics data (via Datafa.st):** anonymised pageviews, referrers, country (no IP storage, no cookies, no cross-site identifiers).

**Server logs:** request method/path, response code, user-agent, IP address (kept for ≤ 30 days for abuse and rate-limit enforcement).

## How we use your data

- Operate the Service: authenticate sessions, render the leaderboard, surface comments, send transactional emails.
- Process payments and prevent fraud.
- Send you product-related emails (e.g. launch reminder, weekly digest if you opt in). You can unsubscribe at any time.
- Improve the Service (debugging, performance optimisation, abuse detection).
- Generate AI launch stories on your explicit request (Premium+ tier; uses OpenAI).

## Legal bases (GDPR)

- **Contract:** account creation, payment processing, delivery of paid features.
- **Legitimate interest:** abuse prevention, security logging, server analytics, the dofollow-backlink mechanic that constitutes our core value proposition.
- **Consent:** marketing emails (you opt in; you can withdraw anytime).
- **Legal obligation:** tax, accounting, responding to lawful legal process.

## Sharing

We share data only with the processors required to run the Service:

- **MongoDB Atlas** — primary database.
- **Vercel Inc.** — application hosting + CDN.
- **Cloudinary** — image hosting (logos, gallery).
- **Dodo Payments** — payment processing (PCI-DSS).
- **Datafa.st** — cookie-free analytics.
- **Google OAuth (via NextAuth)** — authentication.
- **OpenAI** — only when you trigger AI generation (Premium+).
- **Resend** — transactional email delivery.

We do not sell personal data, do not run ad networks, and do not share data with brokers.

## International transfers

ScrollLaunch operates from India; processors operate from the EU and the US. Where applicable we rely on Standard Contractual Clauses or equivalent safeguards.

## Retention

- Account + product data: kept until you delete the account.
- Public Maker Content (live products, comments): may be retained after deletion for SEO continuity unless removal is legally required.
- Server logs: ≤ 30 days.
- Analytics: aggregated, no per-user retention.
- Payment records: kept as required by tax law (typically 7 years).

## Your rights

Subject to your local law (GDPR, CCPA/CPRA, India's DPDP Act, etc.) you have the right to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent at any time. Email kalashvasaniya@gmail.com to exercise any right; we'll respond within 30 days. You may also lodge a complaint with your local data-protection authority.

## Cookies

We use only strictly-necessary first-party cookies for authentication and CSRF. Full list on the [Cookie Policy](https://www.scrolllaunch.com/cookies).

## Children

The Service is not directed at children under 13. If we learn we have inadvertently collected data from a child, we will delete it.

## Changes

We may update this policy. The "Last updated" date at the top reflects the latest revision. Material changes will be announced by email.

## Contact

kalashvasaniya@gmail.com

_HTML version: https://www.scrolllaunch.com/privacy_